Self-sovereign identification via digital credentials for identity attributes

ABSTRACT

Disclosed are example methods, systems, and devices that allow for the generation and provisioning of digital credentials, which may demonstrate that a trusted entity has validated individual identity attributes, or sets of attributes, of a user. Digital credentials may also demonstrate one or more extrapolations resulting from deductions or inductions from validated identity attributes. A receiver device may indicate which identity attributes or extrapolations are sought by displaying a QR or other code and/or via a transmission using NFC or other wireless communication, and a user device may access corresponding digital attributes in an ID wallet to be provisioned via code or transmission. Digital credentials may restrict uses and usability of identity attributes. Cryptographic keys and/or distributed ledger records may allow recipients to verify authenticity of digital credentials. The same identity attribute may be proven by showing validation by multiple selectable trusted entities.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.16/598,904, filed Oct. 10, 2019, and incorporated herein by reference inits entirety

TECHNICAL FIELD

The present disclosure relates to generation, management, and use ofdigital credentials with individual identity attributes validated byvarious trusted entities.

BACKGROUND

Traditional methods for presenting identification lead to unnecessarydisclosure of extraneous information not requested (or desired) byrecipients, posing a significant challenge to privacy and security.Conventional identification documents (such as a person's driver'slicense or passport), which can reveal a large set of personalinformation that should remain confidential, are issued by, and acceptedfrom, a limited number of authorities and are not tailored to particularsituations.

SUMMARY

Various embodiments of the disclosure relate to a method implemented viaa mobile device. The mobile device may run a mobile applicationcomprising, or having access to, an identity wallet. The identity walletmay comprise one or more digital credentials. The digital credentialsmay be stored at the mobile device and/or at a remote system such as,for example, a credential management system or other wallet providersystem. The method may comprise receiving a first signal correspondingwith an identity request. The first signal may be received by the mobiledevice from a receiver device. The receiver device may be associatedwith, or may be a part of, an entity or entities (healthcare orfinancial organizations, governmental bodies, smart devices, etc.)requesting or requiring demonstration or proof of one or more identityattributes. The receiver device may be a smart device or may requestand/or accept digital credentials for a smart device. The method maycomprise determining that the identity request of the first signalcomprises a request to prove an identity attribute. That the identityrequest of the first signal comprises the request to prove the identityattribute may be determined at the mobile device, such as by the mobileapplication, or the mobile application may transmit the first signal (ora version thereof) to a remote system or other computing device, and theresult of the determination may be transmitted back to the mobile devicefollowing the determination by the remote system or the other computingdevice. The method may comprise identifying a digital credential, in theidentity wallet, corresponding to the identity attribute. The identifieddigital credential may attest to the identity attribute. The digitalcredential may include or identify the identity attribute or otheridentity data (or a pointer thereto). The digital credential may,alternatively or additionally, include or identify a digital key (orpointer thereto) associated with an ID issuer or other trusted entity,and/or information on a distributed ledger enabling, for example,verification of the digital credential using blockchain technology. Thedigital key and/or distributed ledger may indicate or demonstrate thatthe trusted entity has validated certain identity data of the user. Thedigital credential (e.g., in an accessible identity wallet) that wouldserve to prove the requested identity attribute may be identified by themobile device (e.g., by the mobile application, which runs on the mobiledevice, accessing the identity wallet or records associated therewith).The method may comprise displaying a graphical user interface (GUI) viaone or more user interfaces (e.g., via a display screen) of the mobilecomputing device. The GUI may be displayed by the mobile application.The GUI may comprise a list with one or more selectable identityattributes and/or one or more digital credentials corresponding with andvalidating one or more identity attributes. The list may, for eachidentity attribute and/or digital credential, provide an identificationof the corresponding validating entity. The list may include the one ormore digital credentials of the trusted entity that attests to orvalidates the identity attribute. The digital credential and/or identityattribute may be selectable via one or more user interfaces (e.g., viatouchscreen or other input mechanism) of the mobile device. The methodmay comprise receiving a second signal generated by the mobile device,such as by an operating system or other component of the mobile devicethat, for example, is capable of sensing inputs into one or more userinterfaces of the mobile device. The second signal may be received bythe mobile application. The second signal may indicate selection of thedigital credential and/or identity attribute in the list, such asselection by a user via a touchscreen display used to visually presentthe GUI with the list. The method may comprise generating a thirdsignal. The third signal may be for provisioning to the receiver device.The third signal may be generated by the mobile device (e.g., by themobile application running on the mobile device). The third signal maycomprise the digital credential (or pointer thereto). The third signalmay additionally or alternatively identify the trusted entitycorresponding with the digital credential.

In one or more embodiments, the digital credential may be a firstdigital credential and the trusted entity may be a first trusted entity.The list may identify a second digital credential. The second digitalcredential may be in the identity wallet. The second digital credentialmay attest to the same identity attribute attested to by the firstdigital credential. The second digital credential may have beenvalidated by a second trusted entity distinct from the first trustedentity.

In one or more embodiments, the GUI may be configured to allow a user toselect from among multiple digital certificates of multiple trustedentities for proving multiple identity attributes to the receiverdevice.

In one or more embodiments, the identity attribute may be anextrapolation from identity data elements of a user. The extrapolationmay be a deduction or induction from identity data elements. Identitydata elements may be data received from one or more sources, andextrapolations may be information about the user that is not itselfreceived (e.g., from a single source) but may be ascertained fromreceived data (e.g., by combining data from one source with otherascertainable facts or by combining data from two or more sources).

In one or more embodiments, the extrapolation may be a determination asto whether the user has reached a minimum age. The determination may bebased on a birthdate of the user, which may be an identity data elementreceived from one or more sources. The digital credential may attest tothe user having reached the minimum age.

In one or more embodiments, example extrapolations include whether auser is at least 18, 21, 35, or 65, or is between a certain age rangesuch as between 18 and 25 (based on, e.g., the user's birthdate and thecurrent date), whether a user is authorized to operate a vehicle ormachinery (based on, e.g., a license and a determination that thelicense is unexpired based on the current date or is otherwise valid),whether a user is a property owner (based on, e.g., a title or deed anda determination that the title or deed has been properly recorded orexecuted or is otherwise deemed valid), and so forth. In certainimplementations, an extrapolation may yield a binary response(true/false, yes/no, up/down, valid/invalid, on/off, etc.), a range ofvalues (e.g., between 13 and 19 and therefore a teenager), a category(e.g., membership in a club or other organization, being in goodstanding, or belonging to a class such as being a senior citizen orbeing a veteran), a number, or any continuous or discrete values.

In one or more embodiments, the method may comprise displaying an imageof the user. Alternatively or additionally, the method may comprisedisplaying an icon indicating the extrapolation (e.g., that the user isat least the minimum age). Alternatively or additionally, the method maycomprise displaying an identification of the first trusted entity. Theimage, icon, and/or identification of the first trusted entity may bedisplayed by the mobile application on a display screen of the mobiledevice.

In one or more embodiments, the first signal may be a code displayed ona display device. The code may be displayed by the receiver device on adisplay screen of the receiver device. Receiving the first signal maycomprise the mobile application using an imager, such as a camera orother light sensor, of the mobile device to scan or otherwise detect thedisplayed code.

In one or more embodiments, the code may be a QR code, a barcode, and/ora set of one or more symbols. The QR code and/or barcode may bedisplayed by the receiver device. Determining that the QR code and/orbarcode comprises the request for the identity attribute may comprisethe mobile application deciphering or otherwise analyzing the QR codeand/or barcode.

In one or more embodiments, the first signal may be a wirelesscommunication. The wireless communication may be transmitted by thereceiver device. The wireless communication may be transmitted directlyto the mobile device, such as by device-to-device communication thatdoes not require a network such as the Internet. The wirelesscommunication may be a near-field communication (NFC). The NFCcommunication may involve, for example, the receiver device and themobile device. The wireless communication may alternatively oradditionally be via another communication protocol such as Bluetooth,Wi-Fi, wireless broadband, etc.

In one or more embodiments, the third signal may comprise a code thatincludes, points to, or otherwise represents the first credential. Themethod may comprise displaying the code. The code may be displayed viathe one or more user interfaces of the mobile device, such as a displayscreen of the mobile device.

In one or more embodiments, the third signal may comprise a message withthe first digital credential. The method may comprise wirelesslytransmitting the message. The message may be transmitted to the receiverdevice. The message may be transmitted by the mobile device. Wirelesslytransmitting the message may comprise directly transmitting the messageto the receiver device from the mobile device. The message may bedirectly transmitted via NFC. Alternatively or additionally, the messagemay be transmitted via a network, such as the Internet.

Various embodiments of the disclosure relate to a method implemented viaa mobile device running a mobile application that has access to anidentity wallet which includes digital credentials. The method maycomprise receiving a signal corresponding with an identity request. Thesignal may be received by the mobile device. The signal may be receivedfrom a receiver device. The method may comprise displaying a graphicaluser interface (GUI). The GUI may be displayed by the mobileapplication. The GUI may be displayed via one or more user interfaces ofthe mobile computing device, such as a display screen. The GUI maycomprise selectable identity attributes. The GUI may comprise, for eachidentity attribute, an identification of a corresponding validatingentity. The method may comprise receiving one or more selections of oneor more of the identity attributes. The one or more selections may bereceived by the mobile application. The one or more selections may bereceived, for example, from the display screen of the mobile deviceand/or via an operating system of the mobile device. The method maycomprise provisioning one or more digital credentials attesting to theselected identity attributes. The one or more digital credentials may beprovisioned by the mobile application. The one or more digitalcredentials may be provisioned to the receiver device.

In one or more embodiments, the identity attributes may be selectableby, for example, attribute category (e.g., health related, physicalattributes, travel, employment, family, etc.), ID set (associated with,e.g., a driver's license, passport, insurance card, or otheridentification), ID issuer (deemed to be an entity trusted to validateidentity attributes in generation of digital credentials), etc.

In one or more embodiments, provisioning the one or more digitalcredentials may comprise displaying one or more codes. The one or morecodes may be displayed via the one or more user interfaces of the mobiledevice, such as via a display screen of the mobile device. The one ormore codes may be displayed for the receiver device. The one or morecodes may comprise the one or more digital credentials attesting to theselected identity attributes.

In one or more embodiments, provisioning the one or more digitalcredentials to the receiver device may comprise transmitting the one ormore digital credentials attesting to the selected identity attributes.The one or more digital credentials may be transmitted wirelessly, suchas by NFC, Bluetooth, Wi-Fi, wireless broadband, etc. The one or moredigital credentials may be transmitted to the receiver device by themobile device, and/or by a remote system or device involved invalidation, issuance, and/or management of digital credentials.

Various embodiments of the disclosure relate to a mobile device runninga mobile application. The mobile application may have access to anidentity wallet comprising multiple digital credentials. The digitalcredentials may be validated by multiple ID issuers deemed to be trustedentities. The mobile device may comprise a wireless communicationsinterface. The mobile device may comprise an imager configured to detectambient light to capture images. The mobile device may comprise one ormore user interfaces. The user interfaces may comprise a display devicesuch as a touchscreen display. The one or more user interfaces may beconfigured for visually presenting graphical elements and for receivinguser inputs. The mobile device may comprise a processor and a memoryhaving stored thereon instructions which, when executed by theprocessor, cause the processor to perform specific functions. The mobiledevice may be configured to receive a first signal corresponding with anidentity request of a receiver device. The first signal may be receivedvia the wireless communications interface and/or via the imager. Themobile device may be configured to determine that the identity requestof the first signal comprises a request for proof of validation of oneor more identity attributes. The request may require validation by anytrusted entity, by a type of trusted entity (e.g., a governmental bodyor healthcare provider), by a specific trusted entity (e.g., a specificgovernment agency or medical provider). Such requirement related towhich trusted entity or trusted entities is or are acceptable orsought-after may be identified in the request. That the identity requestcomprises a request for, for example, validation of one or more identityattributes (generally, or as validated by a certain trusted entity ortype of trusted entity) may be determined via the mobile application.The mobile device may be configured to identify multiple digitalcredentials in the identity wallet that attest to the identityattributes. The identified digital credentials may have been validatedby multiple trusted entities, which may be of different types (e.g.,healthcare institution, governmental body, etc.). The digitalcredentials may identified via the mobile application. The mobile devicemay be configured to display a graphical user interface (GUI) comprisingthe digital credentials and/or comprising the identity attributesvalidated by the identified digital credentials. The GUI mayadditionally or alternatively comprise an identification of trustedentities corresponding to the digital credentials. The GUI may bedisplayed via the one or more user interfaces of the mobile device. Thedigital credentials and/or the identity attributes validated by orotherwise corresponding to the digital credentials may be selectable viathe one or more user interfaces. The mobile device may be configured toreceive an indication that one or more of the digital credentialspresented by the GUI has been selected using the one or more userinterfaces. The indication may be received via the mobile application.The indication may be received as a signal from the one or more userinterfaces of the mobile device and/or the operating system of themobile device. The mobile device may be configured to provision theselected digital credentials attesting to the requested identityattributes. The digital credentials may be provisioned to the receiverdevice. The digital credentials may be provisioned via at least one ofthe wireless communications interface and the one or more userinterfaces (e.g., by being transmitted wirelessly and/or by beingdisplayed as part of a QR or other code on a display screen).

In one or more embodiments, receiving the first signal may comprisedetecting a code displayed on a display screen of the receiver device.The code may be detected using the imager of the mobile device. The codemay identify the one or more requested identity attributes.

In one or more embodiments, provisioning the selected digitalcredentials may comprise displaying one or more of the requestedidentity attributes. Alternatively or additionally, provisioning theselected digital credentials may comprise displaying one or moremachine-readable codes. The machine-readable codes may be displayedusing a display screen of the mobile device. The machine-readable codesmay be configured such that, when scanned and deciphered by the receiverdevice, the codes reveal one or more of the requested identityattributes and/or digital credentials. The codes may be or comprise, forexample, QR codes.

Various embodiments of the disclosure relate to a method implemented viaa mobile device running a mobile application, such as an identity walletapplication comprising or having access to one or more digitalcredentials. The method may comprise receiving a first signalcorresponding with an identity request. The first signal may be receivedby the mobile device from a receiver device. The method may comprisedetermining that the identity request of the first signal comprises arequest to prove an identity attribute. That the identity requestcomprises a request to prove the identity attribute may be determined bythe mobile device, such as by or via the mobile application. The methodmay comprise identifying one or more digital credentials in the identitywallet that attest to the identity attribute. The digital credentialsmay be identified by or via the mobile application. Each digitalcredential may have been validated by a different ID issuer deemed to bea trusted entity that attests to or otherwise validates identityattributes. The method may comprise displaying a graphical userinterface (GUI). The GUI may be displayed by the mobile application. TheGUI may be displayed via one or more user interfaces of the mobilecomputing device. The GUI may comprise a list with one or moreselectable digital credentials and/or identity attributes. The list may,for each digital credential or identity attribute, include anidentification of the corresponding validating entity. The list mayinclude the one or more digital credentials that attest to the identityattribute. The digital credentials and/or identity attributes may beselectable via one or more user interfaces of the mobile device. Themethod may comprise receiving a second signal generated by the mobiledevice. The second signal may indicate which of the digital credentialsand/or identity attributes in the list have been selected. The secondsignal may be received by the mobile application via, for example, atouchscreen or other input device of, and/or an operating system runningon, the mobile device. The method may comprise generating one or moresignals comprising the selected digital credentials. The one or moresignals may identify the trusted entity for each digital credential. Thesignals may be generated by the mobile device. The signals may begenerated for the receiver device.

In one or more embodiments, the signals may be provisioned to thereceiver device. The signals may be provisioned via a wirelesstransmission, such as a direct wireless communication between the mobiledevice and the receiver device. The direct wireless communication may beor may comprise one or more of NFC, Bluetooth, Wi-Fi, wirelessbroadband, etc.

In one or more embodiments, the signals may be provisioned visually. Thesignals may be provisioned by being displayed via one or more userinterfaces, such as a display screen, of the mobile device. The signalsmay be provisioned by displaying a code, such as a QR code. Provisioningmay comprise displaying coded or uncoded versions of one or more of, forexample, the digital credential, the corresponding trusted entity, theidentity attribute, an image of a user, an extrapolation of dataelements, etc.

Various embodiments of the disclosure relate to an approach involving amethod, a system, a device, and/or a non-transitory computer readablemedium with instructions executable by a processor to cause a system ora computing device, such as a user computing device, to perform specificfunctions. The approach may involve displaying or causing a display on auser computing device. The display may comprise a plurality of identityattributes pertaining to a user of the user device. Each identityattribute may be validated by an ID issuer, such as a governmentalauthority or another trusted entity, such as a financial institution,with an incentive to maintain trust and/or prevent fraud. The approachmay involve enabling selection by the user of one or more identityattributes among the plurality of identity attributes. The approach mayinvolve provisioning of selected identity attributes to a receiverdevice. Provisioning may comprise generation of a transmissioncontaining the one or more identity attributes selected by the user ofthe user device. The transmission may be sent to the receiver devicevia, for example, NFC or other wireless communication protocol.Alternatively or additionally, the identity attributes may beprovisioned to the receiver device via a display of the identityattributes (e.g., in the form of a code such as a QR code) on a displayscreen of the user device.

Various embodiments of the disclosure relate to an approach involving amethod, a system, a device, and/or a non-transitory computer readablemedium with instructions executable by a processor to cause a system ora computing device, such as a receiver device, to perform specificfunctions. The approach may involve enabling selection by a requestingentity such as a smart device or a service provider, via the receiverdevice, of one or more identity attributes to be requested. The approachmay involve displaying by, or causing a display on, a receiver device.The display may comprise a request for one or more identity attributes.The request may be in the form of, for example, a QR code. The approachmay additionally or alternatively involve generating a transmission(e.g., by the receiver device) comprising the request for selectedidentity attributes. The transmission may be sent to the user devicedirectly (e.g., via NFC or otherwise) or via a network (e.g., theInternet). The displayed request may be scanned using a user device of auser and deciphered via the user device to identify the identityattributes being requested. The receiver device may subsequently accepta transmission from the user device. The transmission may contain one ormore of the requested identity attributes. Alternatively oradditionally, the receiver device may scan or otherwise detect theidentity attributes being displayed (e.g., as a code such as a QR code)by the user device (e.g., on a display screen of the user device). Thereceiver device may compare the received identity attributes to therequested identity attributes to confirm that the requested identityattributes have been provided. The identity attributes may beaccompanied by a digital key (or a pointer to where or how the key maybe accessed) or identification of a distributed ledger forauthentication of the ID issuer and/or for confirmation that the IDissuer validated the identity attribute. The receiver device may thenvalidate the received identity attributes (such as confirming thevalidity of cryptographic keys to verify that the corresponding trustedentity validated the identity attributes). For example, the receiverdevice may generate a transmission to a server to obtain informationrelated to the identity attributes and/or validation thereof. Thereceiver device may then receive a transmission (which may validate thereceived identity attributes) from the server. The transmission maycomprise validating information related to the requested identityattributes received by the receiver device.

Various embodiments relate to a method implemented by a receiver device.The method may comprise detecting a user device. The user device may bedetected to be nearby or sufficiently close (e.g., within a thresholddistance of the receiver device). The user device may be detected usinga wireless communicator (comprising, e.g., a transceiver) of thereceiver device. The method may comprise identifying one or moreidentity attributes to be proved by the user device. The identityattributes may be identified based on the user device. The method maycomprise provisioning to the user device a request for proof ofidentified identity attributes. The method may comprise accepting, usingthe wireless communicator, a digital credential from the user device.The digital may identify and/or otherwise correspond to an ID issuer.The ID issuer may be claimed to have provided validation of the identityattributes. The method may comprise verifying that the ID issuervalidated the identified identity attributes. The method may comprise,in response to verification, granting, the user device access to atleast one of a functionality and information.

In one or more embodiments, the receiver device may display a graphicaluser interface. The graphical user interface may be configured to allowa service provider to select identity attributes to be requested fromthe user device. The graphical user interface may, alternatively oradditionally, be configured to allow a user of the user device to selectidentity attributes to be provisioned via the user device.

In one or more embodiments, the receiver device may generate a displayidentifying requested identity attributes. Alternatively oradditionally, the receiver device may generate a code (such as a QRcode) to be displayed. The code may identify the identity attributes.Alternatively or additionally, the code may identify acceptable IDissuers. The displayed identity attributes or codes therefor may bescanned by the user device and deciphered or otherwise analyzed by theuser device.

In one or more implementations, the receiver device may compare theidentity attributes corresponding to the received digital credential tothe requested identity attributes to confirm that the requested identityattributes have been provided.

In one or more embodiments, the identity attributes may be accompaniedby a digital key (or a pointer to where or how the key may be accessed)or identification of a distributed ledger for authentication of the IDissuer and/or for confirmation that the ID issuer validated the identityattribute.

In one or more embodiments, the receiver device may validate thereceived identity attributes by, for example, confirming the validity ofcryptographic keys to verify that the corresponding ID issuer validatedthe identity attributes.

In one or more embodiments, the receiver device may grant the userdevice access to a facility by, for example disarming a security systemor component thereof. Alternatively or additionally, the receiver devicemay enable a functionality such as engine start for a vehicle.

Various embodiments of the disclosure relate to an approach involving amethod, a system, a device, and/or a non-transitory computer readablemedium with instructions executable by a processor to cause a system ora computing device, such as a credential management system, to performspecific functions. The approach may involve receiving a first set ofidentity data at a first server from a second server, wherein the secondserver belongs to an ID issuer. The approach may involve associating thereceived first set of identity data with a digital key pertaining to auser associated with the same key. The approach may involve storing thereceived first set of identity data and associated digital key at thefirst server. The approach may involve receiving a transmission at thefirst server from a first device. The transmission may comprise a secondset of identity data associated with the digital key, and a request forverification of the second set of identity data. The approach mayinvolve the first server verifying that the received second set ofidentity data matches the first set of identity data. The verificationmay comprise comparing, at the first server, the second set of identitydata to the first set of identity data. The verification may comprisedetermining whether the second set of identity data is associated withthe same digital key as the first set of identity data. The verificationmay comprise determining whether the identity data in the first setsufficiently matches the identity data in the second set. Adetermination that the first and second sets match may be deemed averification of the second set of identity data. The approach mayinvolve sending a second transmission from the first server to the firstdevice comprising a message indicating that the second set of identitydata is verified.

Various embodiments of the disclosure relate to an approach involving amethod, a system, a device, and/or a non-transitory computer readablemedium with instructions executable by a processor to cause a system ora computing device, such as an ID issuer system, to perform specificfunctions. The approach may involve receiving, at a first server, arequest from a second server for digitization of identity datapertaining to a user. The first server may be associated with anidentity management system. The approach may involve digitizing, via thefirst server, identity data pertaining to the user to obtain a digitalcredential. The first server may send a transmission to the secondserver comprising the digitized credential pertaining to the user. Thedigital credential may comprise one or more identity attributes or otheridentity data and a digital key or other cryptographic identifier.

Various embodiments of the disclosure relate to a method implemented viaa mobile device running a mobile application having access to anidentity wallet with digital credentials. The method may comprisepresenting a first graphical user interface (GUI) via one or more userinterfaces of the mobile computing device. The first GUI may compriseselectable identity attributes. The first GUI may comprise, for eachidentity attribute, an identification of a corresponding validatingentity. The method may comprise detecting one or more selections of oneor more of the identity attributes. The method may comprise identifyingin the identity wallet digital credentials proving validation of theselected identity attributes by one or more trusted entities. The methodmay comprise presenting a second GUI via the one or more userinterfaces. The second GUI may comprise selectable digital credentialsidentified in the identity wallet. The method may comprise detecting oneor more selections of one or more of the digital credentials. The methodmay comprise provisioning, to the receiver device, the one or moreselected digital credentials.

In one or more embodiments, the second GUI may comprise a first digitalcredential corresponding to validation of an identity attribute by afirst trusted entity, and a second digital credential corresponding tovalidation of the same identity attribute by a second trusted entity.

In one or more embodiments, the method may comprise generating a QR withthe digital credentials selected via the second GUI. Provisioning theone or more credentials to the receiver device may comprise displayingthe QR code for scanning by the receiver device.

Various embodiments of the disclosure relate to a method implemented viaa mobile device running a mobile application having access to anidentity wallet with one or more digital credentials. The method maycomprise biometrically authenticating, using one or more biometricsensors of the mobile device, a user of the mobile device. The methodmay comprise receiving a signal from a receiver device. The method maycomprise determining that the signal includes a request for validationof an identity attribute. The method may comprise identifying one ormore digital credentials available in the identity wallet thatdemonstrate the identity attribute as having been validated by one ormore trusted entities. The method may comprise displaying, on atouchscreen of the mobile device, a graphical user interface (GUI)presenting the one or more digital credentials identified as beingavailable in the identity wallet. The GUI may present, for each digitalcredential, a corresponding trusted entity. The method may comprisedetecting selection of one or more of the digital credentials in the GUIvia the touchscreen. The method may comprise provisioning the one ormore selected digital credentials to the receiver device.

In one or more embodiments, the signal may comprise avisually-perceptible code displayed on a display screen of the receiverdevice.

In one or more embodiments, receiving the signal may comprise scanningthe code, using an imager of the mobile device, as presented on thedisplay screen of the receiver device.

In one or more embodiments, the code may be a QR code.

In one or more embodiments, determining that the signal includes therequest may comprise deciphering the visually-perceptible code.

In one or more embodiments, the signal may comprise a wirelesstransmission from the receiver device.

In one or more embodiments, receiving the signal may comprise detecting,using a wireless communicator of the mobile device, the wirelesstransmission from the receiver device.

In one or more embodiments, the signal may be emitted by the receiverdevice via near-field communication (NFC).

In one or more embodiments, provisioning the one or more selecteddigital credentials may comprise displaying, on a touchscreen,information on validation of the identity attribute.

In one or more embodiments, the displayed information may comprise animage of the user corresponding with the user of the mobile device.

In one or more embodiments, the displayed information may comprise anindication that the identity attribute has been validated by one or moretrusted entities and an identification of the one or more trustedentities.

In one or more embodiments, the information may comprise avisually-perceptible code.

In one or more embodiments, the identity attribute may be or maycomprise an extrapolation based on identity data validated by one ormore trusted entities.

In one or more embodiments, the receiver device may be part of a smartvehicle. The identity attribute may be registration of the smart vehicleto the user.

In one or more embodiments, an engine start function of the smartvehicle may be disabled when the first signal is emitted by the receiverdevice. The receiver device may be further configured to verify theprovisioned digital credential and enable the engine start function ofthe smart vehicle upon verification of the digital credential.

In one or more embodiments, provisioning the one or more selecteddigital credentials comprises wirelessly transmitting, using a wirelesscommunicator, the one or more selected digital credentials.

Various embodiments of the disclosure relate to a method implemented viaa mobile device running a mobile application having access to anidentity wallet with one or more digital credentials. The method maycomprise biometrically authenticating, using one or more biometricsensors of the mobile device, a user of the mobile device. The methodmay comprise scanning, using an imager, a QR code displayed on a displaydevice of a receiver device. The method may comprise determining thatthe QR code includes a request for validation of an identity attribute.The method may comprise identifying one or more digital credentialsavailable in the identity wallet that demonstrate the identity attributeas having been validated by one or more trusted entities. The method maycomprise displaying, on a touchscreen of the mobile device, a graphicaluser interface (GUI) presenting the one or more digital credentialsidentified as being available in the identity wallet and, for eachdigital credential, a corresponding trusted entity. The method maycomprise detecting selection of one or more of the digital credentialsin the GUI via the touchscreen. The method may comprise displaying, onthe touchscreen, a QR code comprising the one or more selected digitalcredentials for scanning by the receiver device.

Various embodiments of the disclosure relate to a method implemented bya receiver device. The method may comprise detecting a user devicewithin a threshold distance of the receiver device. The user device maybe detected using a wireless communicator of the receiver device. Themethod may comprise identifying one or more identity attributes to beproved by the user device. The method may comprise provisioning arequest for proof of identified identity attributes. The request may beprovisioned to the user device. The method may comprise accepting adigital credential from the user device. The he digital credential maycorrespond to a trusted entity. The method may comprise verifying thatthe trusted entity validated the identified identity attributes. Themethod may comprise, in response to verification, granting access to anarea, a functionality, and/or a source of information.

In one or more implementations, the receiver device is associated with asmart device. The access granted by the receiver device may be access toa subset of functionalities of the smart device.

In one or more implementations, the receiver device may limitfunctionality of the smart device based on a restriction correspondingto the digital credential. The restriction may be identified by thedigital credential. The restriction's association with the digitalcredential may be determined based known records or records availablefrom another device.

In one or more implementations, the user device may be a first userdevice and the digital credential may be a first digital credential. Themethod may comprise accepting a second digital credential. The seconddigital credential may be accepted from the second user device.

In one or more implementations, the receiver device may require thesecond digital credential from the second user device before grantingaccess. The requirement for the second digital credential may be basedon a restriction identified by or corresponding to the first digitalcredential.

In one or more implementations, the trusted entity may be, or mayrepresent, an owner of the receiver device. The identity attribute maybe authorization to access the area, functionality, or source ofinformation.

In one or more implementations, the receiver device may be associatedwith a smart vehicle of the trusted entity. The functionality may beengine start.

In one or more implementations, the receiver device may be associatedwith a home of the trusted entity. The access may be entry into thehome.

In one or more implementations, the receiver device may be a smartappliance of the trusted entity. The access may be use of the smartappliance.

In one or more implementations, the receiver device may be a computingdevice through which an account of the trusted entity is being accessed.The access may be access to the account.

In one or more implementations, the method may comprise receiving arequest to access the area, functionality, or source of information. Therequest may be received from the user device. The request may bereceived before provisioning the request for proof.

In one or more implementations, the method may comprise receiving fromthe user device, before provisioning the request for proof, a request touse the receiver device. The request may be received from the userdevice. The request may be received before provisioning the request forproof.

In one or more implementations, verifying that the trusted entityvalidated the identified identity attributes may comprise transmitting arequest for validation to a device associated with the trusted entityand/or to a credential management system.

In one or more implementations, provisioning the request for proof ofidentified identity attributes may comprise visually presenting a code.The code may be scannable via the user device. The code may be used todetermine the identified identity attributes. the code may be presentedvia a display screen of the receiver device. The code may be a QR codethat is decipherable via the user device.

In one or more implementations, provisioning the request for proof ofidentified identity attributes may comprise transmitting the request.The request may be transmitted to the user device via the wirelesscommunicator.

In one or more implementations, accepting the digital credential fromthe user device may comprise scanning a code displayed by the userdevice on a display screen of the user device.

In one or more implementations, accepting the digital credential fromthe user device may comprise using the wireless communicator to receivea transmission of the digital credential from the user device.

Various embodiments may relate to a receiver device. The receiver devicemay comprise a wireless communications interface. The receiver devicemay comprise one or more user interfaces configured for visuallypresenting graphical elements and for receiving user inputs. Thereceiver device may comprise an application layer configured to controlaccess to a functionality of the receiver device. The receiver devicemay comprise a processor and a memory having stored thereon instructionswhich, when executed by the processor, cause the processor to performspecific functions. The receiver device may be configured to detect auser device within a threshold distance of the receiver device. The userdevice may be detected using the wireless communicator. The receiverdevice may be configured to identify an access and/or functionality tobe granted to the user device. The receiver device may be configured todetermine one or more identity attributes to be proved by the userdevice for granting the access or functionality. The receiver device maybe configured to provision a request for proof of the determined one ormore identity attributes. The request for proof may be provisioned tothe user device. The request for proof may be provisioned via thewireless communications interface and/or via the one or more userinterfaces. The receiver device may be configured to accept one or moredigital credentials. The digital credentials may be accepted from theuser device. The digital credentials may be accepted via the wirelesscommunications interface and/or the one or more user interfaces. The oneor more digital credentials may correspond to a trusted entity. Thereceiver device may be configured to verify that the trusted entityvalidated the determined one or more identity attributes. The receiverdevice may be configured to grant the access or functionality. Theaccess of functionality may be granted in response to the verification.The access or functionality may be granted via the application layer.

These and other features, together with the organization and manner ofoperation thereof, will become apparent from the following detaileddescription and the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a computer-implemented identity managementsystem that includes a credential management system, identification (ID)issuer systems, receiver devices, and user devices, according to exampleembodiments.

FIG. 2 is a flow diagram of an example process for provisioning digitalcredentials, according to example embodiments.

FIG. 3 depicts an example user interface for provisioning a digitalcredential via display of a machine-readable code, according to exampleembodiments.

FIG. 4 depicts an example user interface for presentation of identityattributes, according to example embodiments.

FIG. 5 depicts an example user interface for a trusted entities sectionof an identity management application, according to example embodiments.

FIG. 6 depicts an example user interface for an identity attributessection of an identity management application, according to exampleembodiments.

FIG. 7 depicts an example user interface for an identity attribute setssection of an identity management application, according to exampleembodiments.

FIG. 8 depicts an example user interface for a digital credentialrecipients section of an identity management application, according toexample embodiments.

FIG. 9 depicts an example user interface for an attribute categoriessection of an identity management application, according to exampleembodiments.

FIG. 10 depicts an example user interface for a scan code section of anidentity management application, according to example embodiments.

FIG. 11 depicts an example user interface for a provision code sectionof an identity management application, according to example embodiments.

FIG. 12 depicts an example user interface for a settings section of anidentity management application, according to example embodiments.

FIG. 13 depicts an example user interface for review and/or selection ofdigital credentials accessible via an identification wallet, accordingto example embodiments.

FIG. 14 depicts an example user interface for selection of digitalcredentials that may be provisioned for a requested identity attribute,according to example embodiments.

FIG. 15 depicts an example user interface for a receiving device that isassociated with or part of a portal or smart device requesting one ormore digital credentials to grant access, enable functionality, etc.,according to example embodiments.

DETAILED DESCRIPTION

Various embodiments described herein relate to systems and methods forgenerating, issuing, managing, and provision of digital credentialsvalidated identity attributes. A user's identity may be an accumulationof a user's physical features, associations, relationships,characteristics, and life experiences, and may include identity dataelements representing, for example, birthdate, birthplace, height, eyecolor, name of spouse, travel history, hobbies, residence, employment,business and personal dealings, etc. An identity attribute, as usedherein, may include one or more identity data elements (e.g., name,address, birthdate, familial relationships, employment history, healthconditions, travel, accounts, etc.) and/or one or more extrapolationsbased on one or more identity data elements (e.g., an indication that auser is at least a minimum age based on the user's birthdate and thecurrent date, an indication that a user did travel to a country forwhich a travel warning was in effect based on the user's travel historyand travel warnings from government agencies, etc.). Identity attributesmay be validated by an ID issuer in generating a digital credential.Digital credentials may include the identity attribute (or a pointerthereto), an associated digital key (or a pointer thereto), and/or anidentification of a distributed ledger demonstrating that the identityattribute has been validated by a particular entity. For example, adigital key may associate the identity attribute with the ID issuercertifying the identity attribute, and generating a digital credentialmay include association of the digital key with the identity attribute.The validation of identity data may be represented in a distributedledger which may be referenced when authenticating a digital credentialor an associated ID issuer.

Advantageously, digital credentials discussed herein provide users withgreater control over what aspects of their identities are revealed. Thedisclosed approach allows users to provision selected identity data asvalidated by selected ID issuers, helping prevent unnecessary orunwanted disclosure of information. Digital credentials can beconfigured to contain individual identity attributes, rather than allthe information found on a conventional identification document such asa driver's license. For example, a requesting entity may request that aperson prove his or her address or that he or she is at least a certainage, and conventionally the person may present a driver's license thatreveals more personal information than required or even desired (such asbirthdate, height and weight, etc.). In example embodiments of thedisclosed approach, a user may present one or more digital credentialsto present only the user's address, or only confirmation that the useris at least the minimum age, as validated by one or more than onetrusted entity (not necessarily the agency that would issue the driver'slicense) without revealing the extraneous information.

The disclosed approach also allows users to acquire digital credentials(which can be used to prove identity attributes) from a greater varietyand number of entities. For example, a user can use a digital credentialwith address validated by, for example, a utility company or a financialinstitution instead of a government agency. Because the recipient of thedigital credential may not necessarily require validation of an identityattribute by a specific entity, the user has more options for how toprove identity attributes. Moreover, a user can more easily providecorroboration for an identity attribute by presenting multiple digitalcredentials to prove an identity attribute as validated by two trustedentities.

In addition to validation being provided by governmental bodies, privateentities (e.g., financial institutions or utility companies), or otherorganizations, validation may be provided by one or more individuals.Owners or managers of assets or properties can validate that one or moreindividuals have been granted authorization (which may be deemed anidentity attribute) to access or use the assets or properties,potentially with identified restrictions (e.g., time limits, limitedfunctionalities, presence of additional entities as may be determinedthrough presentation of additional credentials from user devices of theadditional entities, etc.). For example, an owner may grantauthorization to use a smart device or enter a secure facility, such asan owner of a smart vehicle, smart appliance, or smart home allowing useof the vehicle or appliance or allowing entry into the home byidentified persons, or a manager of a hotel allowing entry into a hotelroom upon presentation of digital credentials to a smart lock device. Invarious examples, the digital credential can be used to demonstrate, forexample, not only currently-valid authorization to use a device or entera facility, but can be used to impose restrictions on such use or entry.Example restrictions include limitations on functionality of a device,limitations on which rooms can be entered, time limits, requirementsthat one or more other persons also grant authorization, and/orrequirements that one or more other persons be present so as tosupervise the use or entry.

Additionally, a user may prove identity attributes without unnecessarilysharing biometric data with, or presenting biometric data to, additionaldevices. For example, instead of presenting biometric data to a smartdevice to prove identity (and thereby gain access or enablefunctionality), a user may provide biometric data to his or her own userdevice, and the user device may authenticate the user and provisiondigital credentials to prove a digital attribute without sharing orrevealing biometric data. By storing the user's biometric data on fewerdevices and storage media, it becomes less likely that the data will becompromised or misused (e.g., due to a data breach). Further, users areable to gain access (e.g., via portals accessed using a specializeddevice, via websites accessed on the Internet, via security systems forphysical or virtual domains, etc.) without having to remember, secure,and present various credentials (e.g., personal identification numbersor usernames, passwords, or other login credentials). The disclosurethus provides a more targeted and versatile approach that enhancesdigital privacy and security.

Referring to FIG. 1 , a block diagram of an identity management system100 for generation, validation, provisioning, and use of digitalcredentials according to example embodiments is shown. The examplesystem 100 includes a credential management system 110 (of, e.g., anindependent body or other entity, and capable of, e.g., managing IDissuers and digital credentials in association with uniquely identifiedusers), which may be implemented using one or more computing devices.The system 100 also includes ID issuer systems 130 (of, e.g., trustedentities, and capable of, e.g., validating identity attributesassociated with digital credentials according to various credentialschema which define what is included in a particular credential and/orwhat an ID issuer is validating), user devices 150 (e.g., mobilecomputing devices, such as smartphones, running an application capableof accessing digital credentials that may be part of an ID wallet anddirectly provisioning digital credentials or authorizing another deviceor system to provision digital credentials), receiver devices 170 (e.g.,devices of service providers such as merchants, organizations, orindividuals requesting proof of one or more identity attributes ofusers, smart devices confirming identity and/or authorization beforegranting access or enabling functionality, or other computing devicesconfirming authorization to access a portal such as access to an accountor to an information source), and an ID management system 190 (which maystore, verify, and/or update credentials made accessible to otherdevices in system 100). The components of the system 100 may becommunicably and operatively coupled to each other directly or over anetwork that permits the direct or indirect exchange of data, values,instructions, messages, and the like (represented by double-headedarrows in FIG. 1 ).

Each system and device in system 100 may include one or more processors,memories, network interfaces, and user interfaces. The memory may storeprogramming logic that, when executed by the processor, controls theoperation of the corresponding computing device. The memory may alsostore data in databases. The network interfaces allow the computingdevices to communicate wirelessly or otherwise by sending and receivingtransmissions. The various components of devices in system 100 may beimplemented via hardware (e.g., circuitry), software (e.g., executablecode), or any combination thereof. Each system and device in system 100may moreover include a security client which may provide fraudprevention measures and security protections (such as generation ofsecurity tokens, authentication of devices, verification of biometric orother security data, etc.).

The systems and devices in system 100 may also include applicationprogramming interface (API) gateways to allow the systems and devices toengage with each other via various APIs, such as APIs that facilitateauthentication, data retrieval, etc. Generally, an API is asoftware-to-software interface that allows a first computing system of afirst entity to utilize a defined set of resources of a second(external) computing system of a second (third-party) entity to, forexample, access certain data and/or perform various functions. In suchan arrangement, the information and functionality available to the firstcomputing system is defined, limited, or otherwise restricted by thesecond computing system. To utilize an API of the second computingsystem, the first computing system may make an API call to the secondcomputing system. The API call may be accompanied by a security oraccess token or other data to authenticate the first computing systemand/or a particular user. The API call may also be accompanied bycertain data/inputs to facilitate the utilization or implementation ofthe resources of the second computing system, such as data identifyingusers (e.g., name, identification number, biometric data), accounts,dates, functionalities, tasks, etc. In system 100, a system or devicemay provide various functionality to other systems and devices throughAPIs by accepting API calls via an API gateway. The API calls may begenerated via an API engine of a system or device to, for example, makea request from another system or device.

The credential management system 110 may include an onboarding unit 112for registering and/or establishing, for example, ID issuers (via, e.g.,ID issuer systems 130) or other entities validating identity attributes,users (via, e.g., user devices 150), and requesting entities such assmart devices or service providers (via, e.g., receiver devices 170). Incertain implementations, in the case of an ID issuer, for example,onboarding unit 112 may onboard an ID issuer (e.g., a public or privateentity, such as an organization or individual) via a network provider (asteward) to become an entity that can validate identity attributes inthe generation of credentials. In some implementations, the ID issuermay generate a unique digital ID that serves to identify a relationshipbetween the ID issuer, network operator, and the credential managementsystem. The network operator may use the digital ID and execute NYMcommands to register the ID issuer.

A credential generator 114 may generate credentials which could be madeusable or otherwise accessible via an identity wallet (e.g., ID wallet166 and ID wallet 192, which in certain implementations may includeduplicates of digital credentials in as backups). In variousimplementations, generation of digital credentials may comprisegeneration of cryptographic keys and/or unique identifiers for IDissuers, users, identity attributes, identity data elements, validationstatus, etc. Generation of a digital credential for an identityattribute may comprise validating an identity attribute with an IDissuer. Ledger manager 116 may record validation of identity attributesand/or digital credentials in various forms in a distributed ledger. Thedistributed ledger may be accessed to, for example, verify that aparticular identity attribute for a particular user has been validatedby a particular ID issuer as of a particular date and time. Blockchaintechnology may be used in combination with other security measures. Dataon users, ID issuers, requesting entities such as service providers orsmart devices, digital credentials, etc., may be stored and madeaccessible at ID/user database 118.

ID issuer systems 130 may be associated with trusted entities such asgovernmental bodies, financial institutions, utility companies,individuals, or other entities which are highly incentivized to inspiretrust, prevent theft or other fraud, and/or maintain verified user datauseful for authentication, security, and preservation of the entity'srelationships with users. ID issuer system 130 may include a validationunit 132 that accepts requests (from, e.g., credential management system110 and/or user devices 150) to validate (attest, endorse, or certify)identity attributes for particular users. In various embodiments, suchas implementations in which a trusted entity is an individual, anidentity attribute may indicate, for example, existence of a certainassociation (e.g., a business relationship) and/or a certainauthorization to, for example, operate a device (such as theindividual's vehicle or home appliance), enter a facility (such as theindividual's home or office), access an account or database of theindividual (such as accessing a person's financial or social mediaaccount or other information source through a portal), etc. Thevalidation unit 132 may authenticate a request (by, e.g., verifying thesender and the data in the request) and validate the identity attribute.A schema manager 134 may generate and maintain a schema identifyingwhich identity attributes will be validated by the ID issuer system 130and/or which ID attributes may be included in a digital credential. Dataon users, identity attributes, digital credentials, schema, etc., may bestored and made accessible at ID/user database 136. The ID issuer system130 may, additionally or alternatively, include components depicted aspart of other systems or devices in FIG. 1 . For example, ID issuersystem 130 may include a credential generator and/or ledger manager thatmay be involved in, for example, issuing and managing digitalcredentials.

User devices 150 may include one or more user interfaces 152.Input/output (I/O) components may allow a user to provide inputs (e.g.,a touchscreen, stylus, force sensor for sensing pressure on a displayscreen, etc.) and provide perceptible outputs (e.g., displays and lightsources for visually-perceptible elements, a speaker for audibleelements, and haptics for perceptible signaling via touch). Biometricsensors 156 may include a fingerprint reader, a heart monitor thatdetects cardiovascular signals, an iris scanner, a face scanner, and soforth. Ambient sensors 158 detect surrounding conditions, such asambient sights and sounds, and may include cameras, imagers, or otherlight detectors, and microphones or other sound detectors.

User devices 150 may include wireless interfaces 160 for wirelesscommunications via one or more communications protocols. For example,wireless interfaces 160 may enable near-field communication (NFC)between two devices located close to each other (e.g., within fourcentimeters of each other). Wireless interfaces 160 may include otherprotocols such as Bluetooth, Wi-Fi, and/or wireless broadband. One ormore user devices 150 may include one or more location sensors 162 toenable the user device 150 to determine its location and/or orientationrelative to, for example, other physical objects or relative togeographic locations. Example location sensors 136 include globalpositioning system (GPS) devices and other navigation and geolocationdevices, digital compasses, gyroscopes and other orientation sensors, aswell as proximity sensors or other sensors that allow the user device150 to detect the presence and relative distance of nearby objects anddevices. The user devices 150 may include various applications, such asID management application 164 that provides access to an ID wallet 166with credentials that are locally stored and/or stored remotely (at,e.g., ID wallet 192 of ID management system 190). In variousembodiments, the digital credentials in ID wallet 166 and ID wallet 192may be populated, updated, and otherwise managed via, for example,credential management system 110, ID issuer system 130, user devices150, and/or ID management system 190. The user devices 150 may alsoinclude one or more applications 168, which may be applications thatprovide access to or control over other devices, access to accounts orportals, or to various functionality and features. Example clientapplications include internet browsers, applications accompanying smartdevices such as security systems, appliances, vehicles, etc., mobilebanking applications, etc.

Receiver devices 170 may be devices associated with any entity, such asa computing device (e.g., a smart device), an individual, a merchant, agovernmental body, a financial institution, etc., requesting proof of anidentity attribute or otherwise requesting a digital credential. Exampleentities include portals (e.g., accounts or databases), governmentalbodies, healthcare providers, financial institutions, merchants, socialnetworking service providers, and/or smart devices (such as, e.g., smartvehicles, Internet of Things (IoT) devices, and security systems orgateways such as smart locks on doors or buildings). Receiver devices170 (which may comprise and/or be part of smart devices) may include acredential query client 172 configured to generate a request for adigital credential or for a validated identity attribute. In variousembodiments, the request may be provisioned to user devices 150 by, forexample, direct transmission to the user devices 150 (via, e.g., NFC orother communication protocols), transmission to user devices 150 via anetwork such as the Internet, and/or visual presentation, such as a code(e.g., a QR code) or description displayed on a display screen ofreceiver devices 170 for scanning by the user device 150.

Receiver devices 170 may include wireless interfaces 180 forcommunications via one or more communications protocols, such as NFC,Bluetooth, Wi-Fi, wireless broadband, etc. Receiver devices 170 mayinclude an application layer 182 through which users may delivercommands to, for example, smart devices capable of performing variousfunctionality in response to the commands. The receiver devices 170 mayalso include smart components 184, such as the hardware and softwareused for smart device functions, such as, for example, operation ofmotors, engines, locking and unlocking mechanisms, audiovisualinput/output devices, etc. Receiver devices 170 may be smart devices ora component thereof, or may be a separate device through which access orfunctionality may be authorized/de-authorized or enabled/disabled.

Once a digital credential is received by receiver device 170 (e.g.,received by ID management application 176 from a user device 150 or IDmanagement system 190), a credential verifier 174 may verify the digitalcredential. Credential verifier 174 may, for example, communicate withcredential management system 110, ID issuer system 130, and/or IDmanagement system 190 (e.g., by making one or more API calls, which maybe accompanied by the digital credential to be verified) to confirm thatthe digital credential is authentic. Additionally or alternatively, invarious embodiments the credential verifier 174 may confirm theauthenticity of the digital credential by, for example, accessing ablockchain-based distributed ledger and determining whether thedistributed ledger includes, references, or otherwise corroborates thedigital credential and/or the identity attribute.

In various embodiments, requests may be input, generated, and/ortransmitted via an ID management application 176 running on the receiverdevice 170. The credential query client 172 and/or the credentialverifier 174 may also be components of ID management application 176,ID/user database 178 may be maintained locally by ID managementapplication 176 and/or may be maintained remotely and accessed via IDmanagement application 176.

To add a new digital credential to ID wallet 166 and/or ID wallet 192, auser may request the new digital credential, or may be offered the newdigital credential. The user device 150 may receive a request for a newdigital credential from a user. The request may be received as, forexample, an input entered into a graphical user interface (GUI) of IDmanagement application 164 via an I/O component 154 of user device 150.The request for the new digital credential may identify a correspondingidentity attribute or set of identity attributes, such as the set ofidentity attributes found on a driver's license. The request may besubmitted to ID issuer system 130 (of, e.g., the Department of MotorVehicles), credential management system 110, and/or ID management system190. In some implementations, ID issuer 130 may, directly or indirectlyvia credential management system 110 and/or ID management system 190,offer the user a new digital credential for one or more particularidentity attributes. The offer may be, for example, displayed andaccepted or rejected via ID management application 164. Once the newdigital credential has been requested or the offer for the new digitalcredential accepted, the new digital credential can be provided by IDissuer system 130 and/or credential management system 110 and added toID wallet 166 and/or ID wallet 192.

FIG. 2 shows a representation of a process 200 in which a user device150 initiates a transaction that requires presentation of identity datawith a receiver device 170. The transaction may be initiated via, forexample, ID management application 164 running on the user device 150.In various embodiments, the ID management application 164 may belaunched (via, e.g., the operating system of the user device 150) as aresult of a user input (via, e.g., an I/O component 154) at a homescreen of the user device 150. In potential embodiments, the IDmanagement application 164 may launch, initialize, and/or display aprompt or otherwise present an alert upon detection (e.g., via wirelessinterfaces 160 and/or location sensors 162) that the user device 150 isnear a requesting entity and/or a receiver device 170 (e.g., amerchant's place of business or a smart device such as a smart vehicleor security system). The user may then use the ID management application164 to transact with the receiver device 170.

Once ID management application 164 has been launched, the user device150 may display a prompt (via, e.g., a first GUI displayed on a displayscreen) for biometric authentication of the user, and the user may bebiometrically authenticated via biometric sensors 156 (step 205).Digital credentials available in ID wallet 166 and/or ID wallet 192,and/or the identity attributes corresponding to the available digitalcredentials, may be displayed (e.g., as part of a second GUI) orotherwise presented by ID management application 164 (via userinterfaces 152) for selection (step 210). One or more digitalcredentials and/or identity attributes may then be selected via userinterfaces 152. If the digital credentials are not available in IDwallet 166, the ID management application 164 may transmit a request(e.g., via wireless interfaces 160) to ID management system 190 (step215), which may then authenticate the request and retrieve the requesteddigital credentials from ID wallet 192 (step 220). The ID managementsystem 190 may then transmit the retrieved digital credentials to theuser device 150 (step 225). In certain embodiments, the digitalcredentials may, alternatively or additionally, be retrieved (by userdevice 150 and/or ID management system 190) from credential managementsystem 110.

The digital credential may then be provisioned via, for example,wireless communication and/or visually-perceptible display. For example,ID management application 164 may generate a QR code (step 230) anddisplay the QR code on a display device of the user device 150 (step235). The receiver device 170 may then scan the provided QR code (step250) and verify the digital credential by transmitting a verificationrequest (step 255) to credential management system 110, ID issuer system130, and/or ID management system 190. Once the digital credential(s)have been verified (steps 260, 265, and/or 270), the user device 150 andthe receiver device 170 may proceed with the transaction. Digitalcredentials may be verified via credential verifier 174. Verification ofdigital credentials may comprise, in various embodiments: authenticatingcryptographic keys and/or unique identifiers; confirming associationsbetween users, identity data, and/or ID issuers; referencing adistributed ledger; and/or corroborating the identity data byreferencing another available data resource (e.g., online databases,financial data, records of prior dealings, etc.).

In various potential embodiments the QR (or other) code generated by theID management application 164 may contain identity attributes or otheridentity data associated with the user, such that a receiver device 170may access the identity data upon scanning of the QR code. Additionallyor alternatively, the QR code generated by the ID management application164 may include service endpoints relating to the selected identity dataand/or attributes, such that a receiver device 170 may access theservice endpoints upon scanning the QR code. A service endpoint may be,for example, a uniform resource locator (URL) associated with aparticular digital credential that points to a particular ID issuersystem 130 or records related to the validation of the identityattributes corresponding to the digital credentials. The serviceendpoints provided to the receiver device 170 by the user device 150,via the generated QR code, may cause the receiver device 170 tocommunicate with, for example, the credential management system 110, theID issuer system 130, and/or the ID management system 190 to gain accessto the requested identity data or to information on the validationthereof.

In various embodiments, the information included in a QR code generatedby, for example, the user device 150 may be available indefinitely afterbeing scanned by the receiver device 170. In certain embodiments, theinformation included in the QR code may expire a predetermined period oftime after the receiver device 170 scans the QR code. Expiration may beimplemented, for example, via a cryptographic key that is only valid fora certain time, through denial of access, by recording an expiration ina distributed ledger, or otherwise. In potential embodiments in whichthe QR code contains identity data, the expiration may be presentedusing a countdown timer (counting down from, e.g., 30 seconds or fiveminutes) displayed along with the identity data on the receiver device170. Where the QR code contains service endpoints associated withidentity data, the service endpoints may become inaccessible after aperiod of time after the QR code has been scanned by the receiver device170.

In various embodiments, the receiver device 170 may initiate atransaction with a user device 150 (rather than the user device 150initiating the transaction with the receiver device 170). The receiverdevice 170 may generate, for example, a QR code (via, e.g., credentialquery client 172) that identifies one or more requested identityattributes, and display the QR code on a display screen. Via IDmanagement application 164, the QR code can be scanned by user device150 using an ambient sensor 158 (e.g., a camera or other light detector)of the user device 150. The ID management application 164 may thenbiometrically authenticate the user via one or more biometric sensors156. The ID management application 164 may decipher the QR code toidentify the requested identity attribute(s). The ID managementapplication 164 may determine whether any digital credentials accessiblevia ID wallet 166 and/or ID wallet 192 are suited to proving theidentity attribute(s). The ID management application 164 may display orotherwise identify (via one or more I/O components 154) the requestedidentity data, and/or may display or otherwise identify suitable digitalcredentials available in ID wallet 166 and/or ID wallet 192. The usermay then select desired digital credentials and/or confirm that thedigital credentials may be provisioned to the receiver device 170.

The ID management application 164 may retrieve selected digitalcredentials from ID wallet 166 and/or ID wallet 192, and one or more QRcodes (with, e.g., identity data or pointers thereto) generated anddisplayed for scanning and verification (via, e.g., credential verifier174) by the receiver device 170 (at least in certain implementations inwhich provisioning involves display of codes). Referring to FIG. 3 ,which shows an example GUI 300 displayed on user device 150 according topotential embodiments, the ID management application 164 may (at 305)identify the identity attributes corresponding to available digitalcredentials suited to the request of the receiver device 170. In someembodiments, the identity attributes may be identified as a set (e.g.,“ID Set 1” in FIG. 3 ), and the entire set (or a subset of identityattributes therein) may be selected (as indicated by the “x” at 310).The GUI 300 also includes a generate code icon 315 which, when selected(e.g., by touching the corresponding area of the touchscreen), maygenerate and display QR code 320 for the selected digital credentialsand/or selected identity attributes.

Referring to FIG. 4 , ID management application 164 may additionally oralternatively display one or more validated identity attributescorresponding with one or more available digital credentials, in variouspotential embodiments. GUI 400 includes (at region 405) an image 410 ofthe user whose identity attributes are to be proved. The serviceprovider or other requesting entity may view or analyze the image 410and compare it with the user holding the user device 150. In someembodiments, the receiver device 170 may scan the image 410 as well asthe face of the user holding the user device 150 (using, e.g., an imagerof the receiver device 170), and the two images analyzed (using, e.g.,facial recognition) and compared with each other to confirm they are thesame person, or determine that the likelihood that they are the samepersons exceeds a certain predetermined threshold (e.g., at least 90percent likelihood).

GUI 400 may also include (at region 415) a listing of the identityattributes which have been validated by digital certificates in theuser's ID wallets. In some embodiments, multiple attributes, with anyone attribute validated by one trusted entity or more than one trustedentity, may be presented. In some embodiments, the identity attributerequested an extrapolation that requires a true or false (e.g., yes orno) response to a question, such as: “Is the user at least 21?” or “Isthe user under 18?” (based on, e.g., the user's birthdate and thecurrent date); “Is the user licensed to operate [a commercial vehicle][a forklift] [a motorcycle] [a certain machine]?” (based on, e.g., avalid license and a determination that the license is unexpired orotherwise valid); “Is the user a property owner?” (based on, e.g., atitle or deed and a determination that it has been properly recorded orexecuted or is otherwise deemed valid); etc. Other sample questionsinclude whether the user is a member of a certain club, is a resident ofa particular apartment building, is related to or associated withsomeone with a particular status, and so forth.

In some embodiments, a digital credential or extrapolation may beconditional, such as “User is authorized to enter premises if [wearingsafety goggles or other safety gear like a helmet, suitable footwear,etc.],” which can be determined via, for example, a receiver device 170scanning the user, or “User is authorized to proceed if user [performs acertain action or passes a test, such as speaking a phrase (forconfirmation of knowledge of the phrase, for voice recognition, and/orfor speech analysis to evaluate, e.g., a mental state, health condition,sobriety, etc.), removing jewelry, leaving behind all metallic items,etc.]. In certain embodiments, a digital credential or extrapolation maybe conditional on an action or presence of another user, such as beingaccompanied by a parent or adult. In such cases, the presence or actionof another user may be determined by a first user device 150 of a firstuser (and/or a receiver device 170) communicating with or detecting asecond user device 150 of a second user (e.g., via NFC), or the firstuser device 150 photographing or otherwise scanning (using, e.g.,ambient sensors 158) the first user's surroundings to determine that thesecond user is present and/or performing a certain action. In suchcases, the first user device 150 may alternatively or additionally, likea receiver device 170, request a digital credential from the second userdevice 150 to confirm a certain requirement or relationship, such as thesecond user being a parent or otherwise related to the first user, orthe second user being at least a minimum age. In variousimplementations, the presence or action of other users may, additionallyor alternatively, be confirmed via one or more receiver devices 170.

In some examples, the receiver device 170 may be a vehicle or othersmart device which is configured to require a digital credential from auser before allowing the user to start the vehicle or otherwise use orengage with the smart device. The vehicle as receiver device 170 mayrequest a digital credential confirming, for example, that the user ownsthe vehicle is or a family member of or otherwise related to an ownerand/or that the user is licensed to drive. In certain implementations,the digital credential may indicate that the user is conditionallyauthorized to drive the vehicle or use a smart device in certaincircumstances. For example, the user may be required to demonstratefitness to drive (e.g., by breathing into a breathalyzer to demonstratethat the user's blood alcohol content is below a maximum level) if, forexample, a digital credential indicates that the user has been orderedby a judge or is otherwise required to demonstrate fitness to drivebefore the vehicle can be started. Similarly, if the license is alearner's permit, the smart vehicle may request a suitable digitalcredential from another user device 150 to, for example, demonstratethat an adult who is licensed is accompanying the driver. In someimplementations, the requirement for digital credentials may be engaged(e.g., remotely) if a vehicle or other smart device is reported (orotherwise believed) to be lost or stolen.

In various embodiments, the receiver device 170 may be (or may beassociated with) a smart lock device or mechanism that is configured torequire a digital credential (to prove, e.g., identity and authorizationfrom an owner or agent thereof) from a user before allowing the user toenter an area (e.g., a home, office building, warehouse, hotel room,etc.). In certain embodiments, the receiver device 170 is a computingdevice through which a user accesses a portal (e.g., mobile device usedto access an application or website). For example, while accessing anapplication or website on a receiver device 170 that is a laptop ordesktop computer, a user may present a digital credential via a userdevice 150 that is a smartphone. Similarly, while accessing anapplication or website on a receiver device 170 that is a smartphone, auser may present a digital credential via a user device 150 that is awearable device such as a smart watch or smart clothing.

In some embodiments, a digital credential may be “intra-device,” may be“cross-application,” or may otherwise involve one device, such that thereceiver device and the user device are the same device. For example, afirst application (e.g., client application 168) running on a userdevice 150 may require proof of a digital attribute or request a digitalcredential from the user. A second application (e.g., ID managementapplication 164) running on the user device 150 may provide a suitabledigital credential. In various embodiments, the second application maypresent the digital credential to the first application (e.g., directlyor via an operating system of the device), or to another system ordevice, such as a remote server via a network. In variousimplementations, the first application may be informed of the digitalcredential actively or passively, directly or indirectly. For example,the first application may await an indication from the other system ordevice, or an intermediary system or device, that the digital credentialhas been received and/or validated. Additionally or alternatively, thefirst application may itself confirm receipt of the digital credentialby the other system or device by, for example, transmitting a requestfor confirmation (to the other system or device, or to an intermediarysystem or device) of a suitable digital credential and receivingconfirmation (from the other system or device, or from the intermediarysystem or device) in response to the request.

Such ID attributes may themselves be validated by a trusted entity(e.g., an entity such as the DMV may provide the response such as “yes”or “no” to a specific question such as “is the user licensed to operatea motorcycle?”), or the identity attribute may be an extrapolation basedon a validated identity attribute in combination with other known data.For example, the ID management application 164 may extrapolate, based onthe user's birthdate in combination today's date, that the user is atleast a minimum age. In certain embodiments, a separate, “secondary”digital credential may be generated (via, e.g., credential managementsystem 110, ID management system 190, and/or ID management application164) for an extrapolation which is not per se validated by a trustedentity but may be deduced or induced from validated or otherwiseascertainable data. The secondary digital credential may be based on avalidated identity attribute of a “primary” digital credential.

At 420, GUI 400 indicates (as represented by the checkmark) that anidentity attribute is confirmed and/or a condition is satisfied (e.g.,the user is 21 years old or older, as indicated by the “21+”).Additionally, ID management application 164 may present, in variousembodiments, a credential provisioning region 425 which providesselections to provision the digital credentials to the receiver device170 via, for example, generation and display of a QR code (“GenerateCode”) or via a wireless transmission (“Transmit Credential”) via NFC orotherwise.

FIGS. 5-12 show representations of example graphical user interfaces500, 600, 700, 800, 900, 1000, 1100, and 1200 for ID managementapplication 164 on user device 150 and/or for ID management application176 on receiver device 170, according to example embodiments. Theexample user interfaces 500, 600, 700, 800, 900, 1000, 1100, and/or 1200may be shown on a display screen of user device 150 to, for example,allow for selection of items to be provided to a receiver device 170, oron a display screen of receiver device 170 to, for example, allow forselection of items to be requested from a user device 150.

The user interface 500 in FIG. 5 comprises one or more controlcategories 505, including “trusted entities,” “identity elements,”“attribute sets,” “recipients,” “attribute categories,” “scan code,”“provision code,” and “settings.” The bolded outline indicates selectionof “trusted entities” among the control categories 505. While the“trusted entities” category is selected, entities that have and/or thatmay attest to or otherwise validate identity attributes pertaining tothe user of user device 150 are listed by ID management application 164.Trusted entities may include ID issuers, governmental authorities, orother entities that may validate one or more identity attributes. Atrusted entity (e.g., Healthcare Institution 1) may be selected usingvirtual buttons or other selectors, such as selectors 585 and 590,assigned to each item. Virtual buttons can be manipulated by, forexample, a user touching, holding, pressing, etc. on a touchscreen orother I/O component 154. Selector 585, a square without an “x” therein,corresponds to items that have not been selected, while selector 590, asquare with an “x” therein, corresponds to selected items. Repeatedactivation of a virtual button (e.g., by touching) results in selectionand deselection of a corresponding item, causing an “x” to be added toan unselected item to indicate selection, and causing an “x” to be takenaway from a selected item to indicate deselection.

Items displayed by user interface 500 may comprise one or morecategories of trusted entities (e.g., financial institutions 510 andgovernmental institutions 515), particular trusted entities in eachcategory (e.g., Financial Institution 1 520 and Department of State525), attribute sets (e.g., passport 530 and medical ID card 535),identity attributes (e.g., member number, birthdate, blood type,allergies, and health conditions at, e.g., 540 and 545), etc. Certainitems (e.g., account information and allergies) may include a list ofone or more sub-items that are not currently being displayed (i.e., thelist of sub-items is “collapsed”), which is indicated by icon 575, whichis a circle with a plus sign (“+”) indicating there are (or may be)additional sub-items not currently shown. Items with a list of one ormore sub-items that are currently being displayed (i.e., the list ofsub-items is “expanded”) are indicated by icon 580, which is a circlewith a minus sign (“—”) indicating that sub-items are displayed butcould be hidden from view. Selecting or otherwise activating icon 575(e.g., by touching) may display (“expand”) the list of correspondingsub-items, while selecting or otherwise activating icon 580 may hide(“collapse”) the list of corresponding sub-items being displayed. Invarious potential embodiments, activation (e.g., by touching) of virtualbuttons (e.g., 585 and 590) corresponding with items that include one ormore sub-items may cause all sub-items to be simultaneously selected ordeselected. Using virtual buttons 585 and 590, for example, a user mayselect the identity attributes to be shared with a receiver device 170.A generate code selector 595 (and/or other provisioning selectors) maybe used to generate and display one or more QR codes with one or moredigital credentials corresponding to the selected identity attributes(or provision in another selectable manner).

In FIG. 6 , “identity elements” has been selected at control categories605 of user interface 600. Accordingly, individual identity attributes(e.g., birthdate 610) are at the highest levels. Because each identityattribute may be validated (attested to) by multiple trusted entities,identity attributes of particular attesters (e.g., trusted entities 615)are displayed and selectable. Extrapolations based on the identityattribute may also be selectable at 620, such as a minimum age, maximumage, or age range based on birthdate. Restrictions may be placed onidentity attributes, such as purpose for which the identity attributemay be used. User interface 600 indicates at 625 that birthdate may berestricted to use for entry into an establishment or for making aparticular purchase. Restrictions may limit, for example, a duration oftime during which a code or identity attribute is displayed ordisplayable. The identity attribute may also be presented as part of aset. For example, birthdate may be presented as part of a set ofidentity attributes in a driver's license or a user-defined set at 630.Digital credentials corresponding to selected identity attributes withselected restrictions may be provisioned to a receiver device 170 via atransmit credentials selector 690 and/or a generate and display codeselector 695.

In FIG. 7 , “attribute sets” has been selected at control categories 705of user interface 700. User interface 700 provides sets of identityattributes (e.g., the identity attributes associated with a medical IDor driver's license) at the highest level. Under each attribute set, auser may select subsets of identity attributes corresponding to variouscategories, such as identity attributes related to health (e.g., healthconditions and blood type), identity attributes that are immutable(e.g., place of birth), and trusted entities that have attested to theidentity attributes. User interface 700 also allows for the placement ofrestrictions on identity attributes, such as use for prescriptionacquisition or appointment check-in. Digital credentials correspondingto selected identity attributes with selected restrictions may beprovisioned to a receiver device 170 via a transmit credentials selector790 and/or a generate and display code selector 795.

In FIG. 8 , “recipients” (of digital credentials) has been selected atcontrol categories 805 of user interface 800. User interface 800provides sets of requesting entities such as service providers that havebeen or may be recipients of digital credentials from the user at thehighest level. Under each entity, a user may select subsets of identityattributes corresponding to various attribute categories (e.g., health)or trusted entities (attesters such as Healthcare Institution 1), aswell as specific individual identity attributes (e.g., health conditionor allergies). User interface 800 may allow a user to readily selectidentity attributes which have previously been provisioned to receiverdevices 170 for provisioning again to the same receiver devices 170 orto other receiver devices 170.

In FIG. 9 , “attribute categories” has been selected at controlcategories 905 of user interface 900. User interface 900 providescategories of identity attributes at the highest level. Under eachattribute category, a user may select subsets of identity attributescorresponding to various attribute uses (e.g., passport renewal),trusted entities (attesters such as the Department of State), as well asspecific individual identity attributes (e.g., birthdate andbirthplace). User interface 900 allows a user to select related identityattributes for provisioning to a receiver device 170.

In FIG. 10 , “scan code” has been selected at control categories 1005,which causes display of a prompt for scanning a QR code displayed by,for example, a user device 150 or a receiver device 170. The QR code mayinclude a request or description of one or more identity attributes,digital credentials, etc. The QR code can be scanned by the user device150 or receiver device 170 using an ambient sensor such as a camera.Field 1010 shows a designated frame in which the QR code can bepositioned (by, e.g., adjusting the position of the camera until the QRcode is contained within field 1010) for automated scanning. The IDmanagement application may itself decipher the QR code itself, or maytransmit the QR code to a remote server for analysis and receive theresults back from the remote server. ID management application 164 maydetermine which (if any) digital credential(s) available in anaccessible ID wallet may satisfy the request. Analogously, ID managementapplication 176 may determine whether digital credentials receivedcorrespond to requested identity attributes. Abort selector 1015 may beused to abort scanning a code and/or to exit user interface 1100.

In various potential embodiments, the provided QR code could instead bea barcode or other form of machine-readable label. In some potentialembodiments, user interface 1000 may be automatically displayed based onuser device 150's proximity to a receiver device 170 (determined, e.g.,by ID management application using location sensors and/or wirelessinterfaces such as by receiving an NFC transmission between a receiverdevice 170 and user device 150). In such versions, the user interface1000 may display a prompt asking whether the user authorizes or acceptsa transmission from a nearby receiver device 170.

In FIG. 11 , “provision code” has been selected at control categories1105, which causes display of a QR code for scanning by, for example, areceiver device 170 or a user device 150. Alternatively or additionally,the “provision code” screen could allow for other mechanisms forprovisioning the code, such as direct wireless transmission to areceiver device 170 via NFC. The bolded outline at 1125 at the bottom ofuser interface 1100 indicates that generate code selector 1125 has beenselected, causing display of QR code 1115 containing one or more digitalcredentials (or pointers thereto) and/or identity attributes (orpointers thereto). In potential embodiments, provisioning of the QR code1115 may be prompted by a user after selection of various items at oneor more of user interfaces 500, 600, 700, 800, and/or 900). Userinterface 1100 shows a representation of a QR code corresponding to aselected “ID Set 1” 1110, which includes Attributes 1 and 2. Asindicated by selector 1120 (with the “x”), the QR code displayedincludes a digital credential corresponding to Attribute 2. In someimplementations, QR code 1115 can be dynamically regenerated, and thedisplayed QR code replaced by the regenerated QR code, to change whatdigital credential(s) are included therein based on what selections aremade via corresponding selectors. For example, the selector adjacent to“ID Set 1” may be selected (causing an “x” to be added thereto) toinclude all attributes in the set, or deselected (causing the “x” to beremoved therefrom) to unselect all attributes listed under “ID Set 1”;the selector adjacent to Attribute 1 may be selected to add the digitalcredential corresponding to Attribute 1 to a displayed QR code; and theselector 1120 adjacent to Attribute 2 may deselected to delete orotherwise remove the digital credential corresponding to Attribute 2from a displayed QR code.

In FIG. 12 , “settings” has been selected at control categories 1205,allowing for review and changing of settings of ID managementapplication 164 or ID management application 176. Example settingsinclude, but are not limited to, settings related to code generation1210, ID digitization 1215, authentication security 1220, and payment1225. Settings may be changed by, for example, toggling (such as by viatoggle selector 1230, which may be touched to, e.g., turn a setting on,off, or partially on/off as indicated by whether the filled-in circle ispositioned in an oval to the left, the right, or to one side withdiagonal lines), swiping (such as via magnitude selector 1235 with afilled-in circle that may be touched and dragged to the left or right todecrease or increase a level or size of a corresponding setting), and/ortext entry (such as entering an alphanumeric value into text field1240). Code generation settings 1210 may include, for example, settingswherein the ID management application 164 may be toggled toautomatically detect a transaction or interaction with a receiver device170 and correspondingly generate a necessary QR code containing relevantdigital credentials. In various potential embodiments, the automaticdetection may be based on location of the user device 150 and/or thereceiver device 170 and/or on concurrent use of the ID managementapplication 164 on the user device 150 and use of the ID managementapplication 176 on the receiver device 170. Other code generationsettings may include a manual initiation setting, wherein a user canselect a setting that prohibits automatic detection of transactions orinteractions. In certain implementations, manual initiation may requirea user to individually select, for example, one or more identityattributes. Additional settings may allow a user device 150 to allowbarcode detection in addition to or in place of QR codes through the IDmanagement application 164. In potential embodiments, a setting to allowNFC may be selected to enable close-range transactions and/orinteractions with, for example, receiver devices 170.

In various potential embodiments, user interface 1200 may providesetting options pertaining to a user or user device 150 authenticationsecurity settings 1220. For example, ID management application 164 maybe enabled to implement, for authentication purposes, facialrecognition, fingerprint scan, touch inputs, a personal identificationnumber (which may be entered into a text entry field underneath “setPIN”), and/or secondary types of authentication (such as challengequestions, email or text transmission of temporary codes, etc.). Paymentsettings 1225 may include an option for the ID management application164 to automatically decide an appropriate payment method based on, forexample, prior activity involving the user device 150. For example, theappropriate payment method may be determined from a list ofuser-provided payment methods, such as a linked credit and/or debitcard, based on use of the payment method in the past with the samereceiver device 170 or in similar circumstances.

FIG. 13 shows a representation of an example user interface 1300 for IDmanagement application 164 on user device 150 or ID managementapplication 176 on receiver device 170, according to exampleembodiments. The user interface 1300 may be shown on a display screen ofuser device 150 or receiver device 170. In FIG. 13 , ID managementapplication may be displaying, at the top, a set of digital credentialsthat may be accessible via an ID wallet or that may have been receivedfrom one or more user devices 150. The digital credentials correspond toidentity attributes validated by an identified ID issuer (in FIG. 13 ,“Trusted Entity 1” is the ID issuer for the displayed digitalcredentials). The triangle adjacent to “Trusted Entity” indicates adrop-down menu that allows for selection of other ID issuers (if any)through which digital credentials have been acquired. For Trusted Entity1, four digital credentials are displayed. The digital credentials areidentified by two numbers, first #.second #, where first #corresponds tothe ID issuer (Trusted Entity 1), and second # (“1,” “2,” “3,” or “4”)enumerates the digital credentials corresponding to the ID issuer. Twoof the digital credentials (1.1 and 1.2) validate the same identityattribute (i.e., Attribute 1) but may have different restrictions (e.g.,on how a digital credential may be used or for how long onceprovisioned) or expiration dates (e.g., how long a digital credential isvalid and may be provisioned). For example digital credential 1.1 has norestrictions on the usability, while digital credential 1.2 isrestricted to “Use 1” (e.g., for verifying a prescription). Digitalcredential 1.3 corresponds to Extrapolation 1 (e.g., minimum age), andthe digital credential is time-limited (e.g., is only available forviewing for a certain time after being provisioned, such as 10 seconds,a minute, five minutes, an hour, or a day). In various implementations,tapping (e.g., touching with a finger and lifting the finger withoutdelay) a digital credential selects the digital credential forprovisioning, for example, upon selection of “provision selectedcredential(s)” icon at the bottom of user interface 1300. As indicatedby the thicker borders of the digital credentials, Digital Credential1.2 and Digital Credential 2.4 have been selected for provisioning(e.g., by touching to select and deselect) in user interface 1300.

In certain implementations, touching and holding (e.g., leaving a fingeron a touchscreen for 1, 2, or 3 seconds without swiping) a digitalcredential presents (e.g., as a pop-up display on the present page or bynavigation to another page) additional details on the digital credentialor provides additional functionality such as hiding or deleting thedigital credential. In some implementations, selecting and dragging(e.g., swiping) allow for rearrangement of the digital credentials so asto adjust, for example, an order in which they are displayed or to groupdigital credentials into, for example, a bin or folder. If there areadditional digital credentials for the selected ID issuer that do notfit on the display screen, the user may select “View More DigitalCredentials From Entity 1” to view the other digital credentials.

At the bottom portion of user interface 1300, a set of digitalcredentials corresponding to an identity attribute (in FIG. 13 ,“Attribute 1”) are shown. This set includes Digital Credentials 1.1 and1.2 from Trusted Entity 1 because they correspond to Attribute 1, aswell as Digital Credential 2.4 (the fourth digital credential fromentity 2) and Digital Credential 5.1 (the first digital credential fromentity 5). The triangle adjacent to “Trusted Entity” indicates adrop-down menu that allows for selection of other ID issuers (if any)through which digital credentials have been acquired. For Trusted Entity1, four digital credentials are displayed, but more credentials (if any)may be displayed by selecting “View More Digital Credentials forAttribute 1” to view the other digital credentials.

FIG. 14 shows a representation of an example user interface 1400 for IDmanagement application 164 on user device 150, according to exampleembodiments. The user interface 1400 may be shown on a display screen ofuser device 150 after the user device 150 is provisioned, by a receiverdevice 170, a signal indicating what identity attributes are requestedor required. The signal may be, or may comprise, for example, a wirelesstransmission and/or a QR code (or other code or symbols that may bescanned and analyzed) that was displayed on a display screen of thereceiver device 170 and scanned by the user device 150. In FIG. 14 , IDmanagement application 164 indicates that Identity Attribute 4 has beenrequested for Purpose 3 (e.g., entry into a venue, healthcare deliverysuch as vaccination, dispensing of a prescription, or medical imaging,access to an account, database, or information source, access to a smartdevice and/or enabling of a function of the smart device, etc.). A setof digital credentials corresponding to the requested identity attributeare being shown. The set includes digital credentials from fourdifferent entities validating Attribute 4 (i.e., entities 2, 3, 6, and7). Each digital credential identifies what is validated (e.g., anindividual identity attribute or a set of identity attributes), andindicates whether any restrictions have been placed on usability of thedigital credential. Each digital credential may also allow forimposition or application of restrictions via a selector. In userinterface 1400, the selector is a drop-down menu (as indicated by thetriangle adjacent to “add restriction”), and selection of a restrictionfrom the drop-down menu adds the restriction to the digital credential.In some implementations, the selector may include the option to view andedit the restrictions of a digital credential (e.g., as an option to“Review/Modify Restrictions” under the drop-down menu). Selected digitalcredentials may be provisioned via the “provision selectedcredential(s)” icon at the bottom of user interface 1400.

FIG. 15 shows a representation of an example user interface 1500 of areceiver device 170, according to example embodiments. The userinterface 1500 may be targeted to a user of a user device 150 inpotential implementations. The user interface 1500 may be presented viaapplication layer 182, in various implementations. The user interface1500 may be shown on a display screen of receiver device 170, forexample, once the receiver device 170 detects a user (e.g., upon theuser touching a touchscreen of the smart device or otherwise interactingwith or engaging the smart device) and/or once the receiver device 170detects a user device 150 (through, e.g., wireless communication withthe user device 150 and/or through scanning of a code or other indiciadisplayed on a display screen of the user device 150). Additionally oralternatively, user interface 1500 may be an “always on” interface thatis regularly displayed while the receiver device 170 is on. Receiverdevice 170 may, for example, display user interface 1500 as a welcomescreen through which a user may gain access to or otherwise operate asmart device. User interface 1500 may indicate what identity attribute,such authorization from an owner or manager of the smart device, isrequested by the receiver device 170 to grant access or enablefunctionality. User interface 1500 may also indicate why the identityattribute is being requested, such as for enabling a certainfunctionality (e.g., a smart vehicle enabling engine start, a smart homeappliance enabling placement of an order for products, etc.), grantingaccess to an area (e.g., a smart lock mechanism unlocking a user's home,office, warehouse, hotel room, etc.), or otherwise rendering the smartdevice usable (e.g., unlocking the device itself) with limited orunlimited functionality.

In some implementations, the receiver device 170 may detect (e.g.,through secure wireless communication with the user device 150) whichdigital credentials that are available to the user device 150 (e.g., inID wallet 166 and/or ID wallet 192) would be acceptable (or areotherwise relevant) for granting the user certain access orfunctionality. In user interface 1500, digital credentials 7.1 and 7.2are from Entity 7, such as the owner of the smart device. DigitalCredential 7.1 (which is indicated as being expired as a result of,e.g., an expiration date and/or a frequency restriction that limits thenumber of times the digital credential can be used) authorizesunrestricted use of the smart device, while Digital Credential 7.2authorizes use of the smart device under certain restrictions. Examplerestrictions include limitations on which functions of the smart deviceare available (e.g., limited functionality as indicated by “Function Set2” in user interface 1500, such as parental-type controls, correspondingwith a subset of all functionalities of the smart device), timerestrictions (e.g., only for an afternoon, morning, weekend, or month),presence of another user (e.g., upon detection of a user device of oneor more specific other persons or receipt of one or more digitalcredentials from the user devices of the other persons, such as a parentor someone with certain position, rank, or status), limitations on wherethe smart device can be physically moved to (e.g., keeping the device inthe house or not driving beyond a certain geographic area), frequencylimitations (e.g., a maximum number of times the digital credential maybe used to gain certain access) and/or limitations on which areas withina facility can be entered (e.g., entering an office building but notcertain rooms or offices in the building).

Digital Credentials 9.1 and 10.1, from Entities 9 and 10, respectively,may be used to indicate another suitable certification or authorizationthat may be warranted, such as by a co-owner, governmental agency,certifying body, supervisor, parent, etc. For example, digitalcredentials may be used by a user to show that another entity hascertified that a user has training or is licensed to operate a smartdevice, such as being licensed by the DMV to operate a vehicle, or beingcertified by a training organization to use scuba gear, etc.Alternatively or additionally, one or more additional digitalcredentials can be requested if a restriction requires, for example,that a device be used or a facility be entered only under thesupervision of one or more specific persons. In various embodiments, anentity (e.g., an owner of a device) may only allow access or use for alimited time, allowing, for example, the owner to limit or revokeauthorization as desired. Selected digital credentials may beprovisioned by user device 150 following selection of a “provisioncredential(s)” icon at the bottom of user interface 1500. In someembodiments, the “provision credentials” icon is not activated unless anacceptable combination of digital credentials has been selected by auser.

In various embodiments, the digital credentials identified in userinterface 1500 may be digital credentials of more than one user (e.g.,detected from two nearby user devices 150). Digital credentials ofmultiple users may be requested or required if, for example, thepresence or authorization of another user (e.g., an adult) is requiredto enable functionality (e.g., if a user is a minor without a license orvalid credit card for a purchase to be made via the receiver device170). In certain embodiments, the digital credential is from anotherdevice that detects a certain condition or status and certifies that thecondition is satisfied or status is satisfactory. For example, a digitalcredential may be based on a nearby sobriety or other health detectiondevice that accepts physiological signals from the user for use invalidating the user is in a condition suited to using the smart device.In some embodiments, the other device (e.g., physiological signaldetecting device) may require a digital credential from the user device150 to demonstrate an identity attribute before the physiologicalsignals are detected. The digital credential may, in someimplementations, be provided to receiver device 170 by the user device150 along with a status or an indication as to whether a condition hasbeen met as confirmed via the other device.

In various embodiments, the receiver device 170 may indicate whichidentity attribute(s) are requested to grant access or enablefunctionality through direct transmission to the user device 150. Insome implementations, the user device 150 may provision suitable digitalcredentials automatically. In certain implementations, the user device150 may allow the user to select particular digital credentials to beprovisioned, and/or confirm that digital credentials should beprovisioned (via, e.g., a user interface analogous to user interface1300 of FIG. 13 ). For example, the user interface of the user device150 may present suitable digital credentials in the user's ID wallet,such as the example digital credentials depicted in user interface 1500.

In various embodiments, user device 150 may provision, and/or receiverdevice 170 may receive, digital credentials without involvement ofdisplay screens. For example, a user device 150 may receive a requestfor a digital credential through wireless transmission and indicatereceipt of a request through other, for example, haptics, sounds,lights, or other outputs. Additionally, the user device 150 may acceptinstructions to provision a digital credential to a receiver device 170through gestures, voice command, movements that generate signals throughsmart clothing, or other inputs. Visual prompts and graphical userinterfaces thus need not be implemented. In various embodiments, userdevice 150 and/or receiver device 170 may lack display screens. Forexample, a user device 150 used to provide digital credentials may be adedicated digital credential provisioning device that may lack a screen,or that may not use a display screen for, for example, identification orselection of digital credentials or confirmation that one or moredigital credentials are to be provisioned. Alternatively oradditionally, a receiver device 170 used to accept digital credentialsmay be a dedicated digital credential validating device that may lack ascreen, or that may not use a display screen for, for example,identification or selection of digital credentials or confirmation thatone or more digital credentials are to be requested. In variousembodiments, devices (e.g., user devices 150, receiver devices 170,and/or smart devices that provide certain access or functionality basedon digital credentials received directly from user devices 150 orreceived via receiver devices 170) may interface through a network ofdevices (e.g., an IoT network) to identify, exchange, and/or validatedigital credentials.

The user interfaces discussed herein and illustrated in the drawings areonly intended as non-limiting examples, and fewer or more userinterfaces, with fewer or more functionalities and selections, may beprovided in various versions. The functionalities, selectors,information, etc. represented in the user interfaces depicted in thefigures can be combined and/or rearranged in various ways (to, e.g.,“mix and match” functionalities and/or selections), yielding additional,fewer, and/or different interfaces, each with additional, fewer, ordifferent functionalities and selections.

The embodiments described herein have been described with reference todrawings. The drawings illustrate certain details of specificembodiments that provide the systems, methods and programs describedherein. However, describing the embodiments with drawings should not beconstrued as imposing on the disclosure any limitations that may bepresent in the drawings.

It should be understood that no claim element herein is to be construedunder the provisions of 35 U.S.C. § 112(f), unless the element isexpressly recited using the phrase “means for.”

Example computing systems and devices may include one or more processingunits each with one or more processors, one or more memory units eachwith one or more memory devices, and one or more system buses thatcouple various components including memory units to processing units.Each memory device may include non-transient volatile storage media,non-volatile storage media, non-transitory storage media (e.g., one ormore volatile and/or non-volatile memories), etc. In some embodiments,the non-volatile media may take the form of ROM, flash memory (e.g.,flash memory such as NAND, 3D NAND, NOR, 3D NOR, etc.), EEPROM, MRAM,magnetic storage, hard discs, optical discs, etc. In other embodiments,the volatile storage media may take the form of RAM, TRAM, ZRAM, etc.Combinations of the above are also included within the scope ofmachine-readable media. In this regard, machine-executable instructionscomprise, for example, instructions and data which cause a generalpurpose computer, special purpose computer, or special purposeprocessing machines to perform a certain function or group of functions.Each respective memory device may be operable to maintain or otherwisestore information relating to the operations performed by one or moreassociated circuits, including processor instructions and related data(e.g., database components, object code components, script components,etc.), in accordance with the example embodiments described herein.

It should be noted that although the diagrams herein may show a specificorder and composition of method steps, it is understood that the orderof these steps may differ from what is depicted. For example, two ormore steps may be performed concurrently or with partial concurrence.Also, some method steps that are performed as discrete steps may becombined, steps being performed as a combined step may be separated intodiscrete steps, the sequence of certain processes may be reversed orotherwise varied, and the nature or number of discrete processes may bealtered or varied. The order or sequence of any element or apparatus maybe varied or substituted according to alternative embodiments.Accordingly, all such modifications are intended to be included withinthe scope of the present disclosure as defined in the appended claims.Such variations will depend on the machine-readable media and hardwaresystems chosen and on designer choice. It is understood that all suchvariations are within the scope of the disclosure. Likewise, softwareand web implementations of the present disclosure may be accomplishedwith standard programming techniques with rule based logic and otherlogic to accomplish the various database searching steps, correlationsteps, comparison steps and decision steps.

The foregoing description of embodiments has been presented for purposesof illustration and description. It is not intended to be exhaustive orto limit the disclosure to the precise form disclosed, and modificationsand variations are possible in light of the above teachings or may beacquired from this disclosure. The embodiments were chosen and describedin order to explain the principals of the disclosure and its practicalapplication to enable one skilled in the art to utilize the variousembodiments and with various modifications as are suited to theparticular use contemplated. Other substitutions, modifications, changesand omissions may be made in the design, operating conditions andarrangement of the embodiments without departing from the scope of thepresent disclosure as expressed in the appended claims.

What is claimed is:
 1. A method implemented via a mobile device runninga mobile application having access to a first digital credential and asecond digital credential, the method comprising: receiving, by themobile device from a receiver device, a first signal corresponding withan identity request; determining, by the mobile device, that theidentity request of the first signal includes a request to prove anidentity attribute; identifying, by the mobile device, a first digitalcredential that attests to the identity attribute and a second digitalcredential that attests to the same identity attribute, the firstdigital credential having been validated by a first trusted entity andthe second digital credential having been validated by a second trustedentity distinct from the first trusted entity; displaying, by the mobiledevice, via one or more user interfaces of the mobile computing device,a graphical user interface (GUI) comprising a plurality of selectabledigital credentials and, for each digital credential, an identificationof the corresponding validating entity, wherein the GUI presents thefirst digital credential of the first trusted entity and the seconddigital credential of the second trusted entity; receiving, by themobile device, via the one or more user interfaces of the mobilecomputing device, a second signal indicating selection of at least oneof the plurality of selectable digital credentials in the GUI; andprovisioning, by the mobile device to the receiver device, the at leastone of the plurality of selectable digital credentials based on thesecond signal.
 2. The method of claim 1, wherein the provisioned digitalcredential is the first digital credential, the method furthercomprising provisioning, by the mobile device to the receiver device,the second digital credential.
 3. The method of claim 1, wherein the GUIis configured to allow a user to select from among multiple digitalcertificates of multiple trusted entities for proving multiple identityattributes to the receiver device.
 4. The method of claim 1, wherein thefirst signal is a code displayed on a display screen of the receiverdevice, and wherein receiving the first signal comprises scanning thedisplayed code using an imager of the mobile device.
 5. The method ofclaim 4, wherein the code is a QR code displayed by the receiver device,and wherein determining that the QR code includes the request for theidentity attribute comprises deciphering the QR code.
 6. The method ofclaim 1, wherein the first signal is a wireless communicationtransmitted by the receiver device directly to the mobile device.
 7. Themethod of claim 1, wherein provisioning the at least one of theplurality of selectable digital credentials comprises generating a codewith the at least one of the plurality of selectable digitalcredentials, and wherein the method further comprises displaying thecode via the one or more user interfaces of the mobile device.
 8. Themethod of claim 1, wherein provisioning the at least one of theplurality of selectable digital credentials comprises generating amessage with the first credential, and wirelessly transmitting themessage to the receiver device.
 9. The method of claim 8, whereinwirelessly transmitting the message comprises directly transmitting themessage to the receiver device via near-field communication.
 10. Themethod of claim 1, wherein the identity attribute is an extrapolationfrom data elements of a user.
 11. The method of claim 10, wherein theextrapolation is a determination, based on a birthdate of the user, asto whether the user has reached a minimum age, and wherein the one ormore provisioned digital credential attest to the user having reachedthe minimum age.
 12. The method of claim 11, further comprisingdisplaying, by the mobile device, an image of the user, an iconindicating that the user is at least the minimum age, and anidentification of one or more trusted entities corresponding to the oneor more provisioned digital credentials.
 13. A method implemented via amobile device running a mobile application having access to a pluralityof digital credentials, the method comprising: presenting, by the mobiledevice, a first graphical user interface (GUI) via one or more userinterfaces of the mobile device, the first GUI comprising selectableidentity attributes and, for each identity attribute, an identificationof a corresponding validating entity; detecting, by the mobile device,one or more selections of one or more of the identity attributes;identifying, by the mobile device, digital credentials provingvalidation of the selected identity attributes by one or more trustedentities; presenting, by the mobile device, a second GUI via the one ormore user interfaces, the second GUI comprising selectable digitalcredentials identified for proving validation of the selected identityattributes; detecting, by the mobile device, one or more selections ofone or more of the digital credentials; and provisioning, by the mobiledevice to the receiver device, the one or more selected digitalcredentials.
 14. The method of claim 13, wherein the second GUIcomprises a first digital credential corresponding to validation of anidentity attribute by a first trusted entity, and a second digitalcredential corresponding to validation of the same identity attribute bya second trusted entity.
 15. The method of claim 13, further comprisinggenerating a QR with the digital credentials selected via the secondGUI, wherein provisioning the one or more credentials to the receiverdevice comprises displaying the QR code for scanning by the receiverdevice.
 16. The method of claim 13, wherein provisioning the one or morecredentials to the receiver device comprises displaying one or morecodes via the one or more user interfaces of the mobile device, the oneor more codes comprising the one or more credentials attesting to theselected identity attributes.
 17. The method of claim 13, whereinprovisioning the one or more credentials to the receiver devicecomprises wirelessly transmitting, to the receiver device by the mobiledevice, the one or more credentials attesting to the selected identityattributes.
 18. A mobile device running a mobile application with accessto multiple digital credentials validated by multiple trusted entities,the mobile device comprising: a wireless communications interface; animager configured to detect ambient imagery; one or more user interfacescomprising a display device, the one or more user interfaces configuredfor visually presenting graphical elements and for receiving userinputs; and a processor configured to: receive, via at least one of thewireless communications interface or the imager, a first signalcorresponding with an identity request of a receiver device; determine,via the mobile application, that the identity request of the firstsignal comprises a request for one or more identity attributes;identify, via the mobile application, multiple digital credentials inthe identity wallet that attest to the identity attributes, the digitalcredentials having been validated by multiple trusted entities; display,via the mobile application using one or more user interfaces, agraphical user interface (GUI) comprising the credentials and anidentification of the corresponding trusted entities, wherein thedigital credentials are selectable via the one or more user interfaces;receive, via the mobile application, an indication that one or more ofthe digital credentials presented by the GUI has been selected using theone or more user interfaces; and provision to the receiver device, viaat least one of the wireless communications interface and the one ormore user interfaces, the selected digital credentials attesting to therequested identity attributes.
 19. The device of claim 18, whereinreceiving the first signal comprises detecting, using the imager, a codedisplayed on a display screen of the receiver device, the codeidentifying the one or more requested identity attributes.
 20. Thedevice of claim 18, wherein provisioning the selected digitalcredentials comprises displaying at least one of: one or more of therequested identity attributes; or one or more machine-readable codeswhich, when scanned and analyzed by the receiver device, reveal one ormore of the requested identity attributes.